package com.huang.config;

import com.huang.util.WebUtils;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;

import java.util.HashMap;
import java.util.Map;

@Configuration
public class DefaultWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //关闭跨域攻击
        http.csrf().disable();
        //设置请求失败或的拒绝的处理器
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        //设置所有的资源访问不认证
        http.authorizeRequests().anyRequest().permitAll();

    }

    /**资源访问被拒绝的处理器*/
    public AccessDeniedHandler accessDeniedHandler(){
        return (request,response,e)->{
            //1.构建响应信息
            Map<String,Object> map=new HashMap<>();
            map.put("state",403);
            map.put("message","权限不足");
            //2.将响应信息写到客户端
            WebUtils.writeJsonToClient(response,map);
        };
    }




}
